Windows Analysis Report
fdm_x64_setup.exe

Overview

General Information

Sample Name:	fdm_x64_setup.exe
Analysis ID:	690704
MD5:	31dd1d05a00ad4c3cbb94a8af6726f98
SHA1:	f8a33287bef3e721d52f6b8152822bbdc9a9c3a8
SHA256:	072ee364c81db95d8f45c8d06037cba332cd004d3b8290ee435b369f7becb829
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Obfuscated command line found

Uses schtasks.exe or at.exe to add and modify task schedules

Uses 32bit PE files

PE file contains strange resources

Drops PE files

PE file contains sections with non-standard names

Found dropped PE file which has not been started or loaded

Classification

Signatures

Uses 32bit PE files

Source: fdm_x64_setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\unins000.dat
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CO7S.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-D0NHS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-R31M0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-V105V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-1LRU2.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-99UVP.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8QFML.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OVIG9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-H4KKL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B4BVM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-90813.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VG0RE.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9G3VC.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-6EUK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-EA331.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-I4TC5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BHSLV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5PCKA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5L5E8.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3PMR7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-940K7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RPNAI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4IDOF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GGULB.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-ONUPS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3V1LO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-242RF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-87ER9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GMHAL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7H68L.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5S1KV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8IIMH.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OFL7K.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-U351B.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JRBN3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-23BE3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T89KD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-FD6K5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8ATK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N2MR5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BNRSO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4000T.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T4J2V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-PSIFG.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N12R1.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JFJJL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-TTH8V.tmp

Source: fdm_x64_setup.exe

Static PE information: certificate valid

Source: fdm_x64_setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Uses 32bit PE files

Source: fdm_x64_setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

PE file contains strange resources

Source: fdm_x64_setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: fdm_x64_setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe

File read: C:\Users\alfredo\Desktop\fdm_x64_setup.exe

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: unknown	Process created: C:\Users\alfredo\Desktop\fdm_x64_setup.exe "C:\Users\alfredo\Desktop\fdm_x64_setup.exe"
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /end /tn FreeDownloadManagerHelperService
Source: C:\Windows\System32\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /end /tn FreeDownloadManagerHelperService
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:120:WilError_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:304:WilStaging_02

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

File created: C:\Program Files\Softdeluxe

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

File created: C:\Users\alfredo\AppData\Local\Programs

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

File created: C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp

Source: classification engine

Classification label: sus24.winEXE@6/26@3/0

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Window found: window name: TMainForm

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: fdm_x64_setup.exe

Static file information: File size 35460872 > 1048576

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\unins000.dat
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CO7S.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-D0NHS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-R31M0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-V105V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-1LRU2.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-99UVP.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8QFML.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OVIG9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-H4KKL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B4BVM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-90813.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VG0RE.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9G3VC.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-6EUK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-EA331.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-I4TC5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BHSLV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5PCKA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5L5E8.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3PMR7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-940K7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RPNAI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4IDOF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GGULB.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-ONUPS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3V1LO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-242RF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-87ER9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GMHAL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7H68L.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5S1KV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8IIMH.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OFL7K.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-U351B.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JRBN3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-23BE3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T89KD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-FD6K5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8ATK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N2MR5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BNRSO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4000T.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T4J2V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-PSIFG.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N12R1.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JFJJL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-TTH8V.tmp

Source: fdm_x64_setup.exe

Static PE information: certificate valid

Source: fdm_x64_setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Obfuscated command line found

Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"

PE file contains sections with non-standard names

Source: fdm_x64_setup.exe

Static PE information: section name: .didata

Drops PE files

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp	Jump to dropped file
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	File created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\ffmpeg.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-multibyte-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-process-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-private-l1-1-0.dll (copy)	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /end /tn FreeDownloadManagerHelperService

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\ffmpeg.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-multibyte-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-process-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-private-l1-1-0.dll (copy)	Jump to dropped file

Screenshots

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
accounts.google.com	172.217.16.205	true
www.freedownloadmanager.org	199.101.132.243	true
clients.l.google.com	142.250.186.46	true
clients2.google.com	unknown	unknown

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	1D821D741CFAF0D322F2483114D93188	AA6ECD604D207BBAE869225A1A7738433A4417D6	9B299B18FE97191E3875D173B2D89295CFA8D006A0C9328FAE867B8DA9BDC23B
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	79878844B0A1EB2B621286DAD20BC4AB	A64CFD5F9424BAD329E2578168EE58A11CE14F36	177779FF31D2977EA5BB583D3FC50209EDB64BBCE8C40D6D14E34EA4446266E3
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-multibyte-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	A00B5CCB162606D61FBDB843D6EC0253	31C9BF8A87921C0FFBEC8BB882A0F48C16F10870	E4152A6D181F5EBBD79EBF0F441D95073AA0AAAC8F5A6C77D9AB4AB17CFC353E
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-private-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	A9208707FFA4DCF42EB46CF117B9B4A5	D94DCD936D8D67FC963F0982FBC3EC118DA678D2	680FD6211BFA8F0B591307D883410CFC3240702399E3C86B72213593F0E52216
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-process-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	3D03D568767B6CB87B64952A3D6186A2	C7BD25D3DD98EC2EA9775B05D01208F1097D7B42	59752E277397617768DA4B76F3A839A7C9280C20AB3FE7BE30DE71399FC4440F
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	3C2162F8F05B362DDA8814505C555312	2BBCBB984C909ADA3CE8CC37BD910375C2D806F4	B5A3C4681FF8C09CCF32E0E0BF7D183293B5171BBB6512FDB90585D6D88FBD70
C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	759606F25742C0D3252A3B6BCF7A0098	6F395025343BEB970FB06207101D01A4144133BF	E3C4E66BE42BDBA47B3186F1935BF852620B9F6C507CF56321E21714814D1EA2
C:\Program Files\Softdeluxe\Free Download Manager\ffmpeg.exe (copy)	PE32+ executable (console) x86-64, for MS Windows	2209A1213CA2DBC6DEA064C67204DB32	92427997C3578BB2B99A93AD68C6D2A1C9A971FA	F659DA0CAB01498EF177B152271F4B708E257AF237B2B81DA8AB6BE0132554F6
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (copy)	PE32+ executable (console) x86-64, for MS Windows	EB755F6B7C0799011E18B1B769DC0EBE	510E8E65DFFDDC491A280BCDCEE31D4BF4F4E689	11426FFEEE740B20CF9837E5B23A7BB3918EB0DB70676392D9A798DF9DC138B0
C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe (copy)	PE32+ executable (console) x86-64, for MS Windows	413453B7CEB7A76ACA79121F9CB8CCF2	FDA4BF0D9EE5CF1B043A24FFAC154EBA1797F5DA	4EE94E78AB0148EBD4CE623BC225D49E8DB85F363B976EBA4D8FF9AFAFC66120
C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	A9208707FFA4DCF42EB46CF117B9B4A5	D94DCD936D8D67FC963F0982FBC3EC118DA678D2	680FD6211BFA8F0B591307D883410CFC3240702399E3C86B72213593F0E52216
C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp	PE32+ executable (console) x86-64, for MS Windows	413453B7CEB7A76ACA79121F9CB8CCF2	FDA4BF0D9EE5CF1B043A24FFAC154EBA1797F5DA	4EE94E78AB0148EBD4CE623BC225D49E8DB85F363B976EBA4D8FF9AFAFC66120
C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	A00B5CCB162606D61FBDB843D6EC0253	31C9BF8A87921C0FFBEC8BB882A0F48C16F10870	E4152A6D181F5EBBD79EBF0F441D95073AA0AAAC8F5A6C77D9AB4AB17CFC353E
C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	1D821D741CFAF0D322F2483114D93188	AA6ECD604D207BBAE869225A1A7738433A4417D6	9B299B18FE97191E3875D173B2D89295CFA8D006A0C9328FAE867B8DA9BDC23B
C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	79878844B0A1EB2B621286DAD20BC4AB	A64CFD5F9424BAD329E2578168EE58A11CE14F36	177779FF31D2977EA5BB583D3FC50209EDB64BBCE8C40D6D14E34EA4446266E3
C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	8BF7134FD7C7B9F79FBAA46A820565FD	C82732C10A0F03EF1868D2CA6A8C42EC430A8A02	A8F38398B8E95919CE4F4EB4CE9E2DB432B5B8DA00B531E2F1633795B3FA622A
C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	3C2162F8F05B362DDA8814505C555312	2BBCBB984C909ADA3CE8CC37BD910375C2D806F4	B5A3C4681FF8C09CCF32E0E0BF7D183293B5171BBB6512FDB90585D6D88FBD70
C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp	PE32+ executable (console) x86-64, for MS Windows	2209A1213CA2DBC6DEA064C67204DB32	92427997C3578BB2B99A93AD68C6D2A1C9A971FA	F659DA0CAB01498EF177B152271F4B708E257AF237B2B81DA8AB6BE0132554F6
C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp	PE32+ executable (console) x86-64, for MS Windows	EB755F6B7C0799011E18B1B769DC0EBE	510E8E65DFFDDC491A280BCDCEE31D4BF4F4E689	11426FFEEE740B20CF9837E5B23A7BB3918EB0DB70676392D9A798DF9DC138B0
C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	185C660A9F1BEC716A5D8CEAA936AE9E	1C6AC11BD9803BF293B0115F32D17E6F3B2715A5	D2A16238E769A4554FC2BCBB50521BDCC92E128B2F2C0B9AD2ED55104D79A3EF
C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	759606F25742C0D3252A3B6BCF7A0098	6F395025343BEB970FB06207101D01A4144133BF	E3C4E66BE42BDBA47B3186F1935BF852620B9F6C507CF56321E21714814D1EA2
C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	3D03D568767B6CB87B64952A3D6186A2	C7BD25D3DD98EC2EA9775B05D01208F1097D7B42	59752E277397617768DA4B76F3A839A7C9280C20AB3FE7BE30DE71399FC4440F
C:\Program Files\Softdeluxe\Free Download Manager\libEGL.dll (copy)	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	185C660A9F1BEC716A5D8CEAA936AE9E	1C6AC11BD9803BF293B0115F32D17E6F3B2715A5	D2A16238E769A4554FC2BCBB50521BDCC92E128B2F2C0B9AD2ED55104D79A3EF
C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll (copy)	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	8BF7134FD7C7B9F79FBAA46A820565FD	C82732C10A0F03EF1868D2CA6A8C42EC430A8A02	A8F38398B8E95919CE4F4EB4CE9E2DB432B5B8DA00B531E2F1633795B3FA622A
C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	E4211D6D009757C078A9FAC7FF4F03D4	019CD56BA687D39D12D4B13991C9A42EA6BA03DA	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3C90C4DAABD5AFA78392EA879FA341A6	F45D424B3D9D859D3524AFFE5D2EDEB5FF2C81BC	C9DCF0E3F679469EE4A35083A115C671C37BE19E7EC5721E1F2F3FF1F6E09B0C

Uses 32bit PE files

Source: fdm_x64_setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\unins000.dat
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CO7S.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-D0NHS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-R31M0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-V105V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-1LRU2.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-99UVP.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8QFML.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OVIG9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-H4KKL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B4BVM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-90813.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VG0RE.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9G3VC.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-6EUK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-EA331.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-I4TC5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BHSLV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5PCKA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5L5E8.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3PMR7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-940K7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RPNAI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4IDOF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GGULB.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-ONUPS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3V1LO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-242RF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-87ER9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GMHAL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7H68L.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5S1KV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8IIMH.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OFL7K.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-U351B.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JRBN3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-23BE3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T89KD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-FD6K5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8ATK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N2MR5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BNRSO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4000T.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T4J2V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-PSIFG.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N12R1.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JFJJL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-TTH8V.tmp

Source: fdm_x64_setup.exe

Static PE information: certificate valid

Source: fdm_x64_setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Uses 32bit PE files

Source: fdm_x64_setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

PE file contains strange resources

Source: fdm_x64_setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: fdm_x64_setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe

File read: C:\Users\alfredo\Desktop\fdm_x64_setup.exe

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: unknown	Process created: C:\Users\alfredo\Desktop\fdm_x64_setup.exe "C:\Users\alfredo\Desktop\fdm_x64_setup.exe"
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /end /tn FreeDownloadManagerHelperService
Source: C:\Windows\System32\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /end /tn FreeDownloadManagerHelperService
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:120:WilError_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:304:WilStaging_02

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

File created: C:\Program Files\Softdeluxe

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

File created: C:\Users\alfredo\AppData\Local\Programs

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

File created: C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp

Source: classification engine

Classification label: sus24.winEXE@6/26@3/0

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Window found: window name: TMainForm

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: fdm_x64_setup.exe

Static file information: File size 35460872 > 1048576

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\unins000.dat
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CO7S.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-D0NHS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-R31M0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-V105V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-1LRU2.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-99UVP.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8QFML.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OVIG9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-H4KKL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B4BVM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-90813.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VG0RE.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9G3VC.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-6EUK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-EA331.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-I4TC5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BHSLV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5PCKA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5L5E8.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3PMR7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-940K7.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RPNAI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4IDOF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GGULB.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-ONUPS.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-3V1LO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-242RF.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-87ER9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GMHAL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7H68L.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-5S1KV.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8IIMH.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-OFL7K.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-U351B.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JRBN3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-23BE3.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T89KD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-FD6K5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-8ATK9.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N2MR5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-BNRSO.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-4000T.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-T4J2V.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-PSIFG.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-N12R1.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-JFJJL.tmp
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Directory created: C:\Program Files\Softdeluxe\Free Download Manager\is-TTH8V.tmp

Source: fdm_x64_setup.exe

Static PE information: certificate valid

Source: fdm_x64_setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Obfuscated command line found

Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp "C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp" /SL5="$2038C,34713263,780288,C:\Users\alfredo\Desktop\fdm_x64_setup.exe"

PE file contains sections with non-standard names

Source: fdm_x64_setup.exe

Static PE information: section name: .didata

Drops PE files

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp	Jump to dropped file
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	File created: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\ffmpeg.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-multibyte-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-process-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	File created: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-private-l1-1-0.dll (copy)	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp

Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /end /tn FreeDownloadManagerHelperService

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\fdm_x64_setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-2M2DR.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-locale-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-RG2KI.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-AA7GK.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-VEVHM.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\ffmpeg.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-stdio-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-G7439.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-9O60R.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-B3NPD.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-runtime-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-0BB6O.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-math-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-multibyte-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-GTRN5.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-7CG1Q.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-process-l1-1-0.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-4DDA0.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Temp\is-IHEBO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\is-8OREA.tmp	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll (copy)	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\is-N1RHV.tmp\fdm_x64_setup.tmp	Dropped PE file which has not been started: C:\Program Files\Softdeluxe\Free Download Manager\api-ms-win-crt-private-l1-1-0.dll (copy)	Jump to dropped file

ID:	690704
Product:	CloudBasic
Start time:	08:38:21
Start date:	26.08.2022
Sample:	fdm_x64_setup.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS
MD5:	31dd1d05a00ad4c3cbb94a8af6726f98
SHA1:	f8a33287bef3e721d52f6b8152822bbdc9a9c3a8
SHA256:	072ee364c81db95d8f45c8d06037cba332cd004d3b8290ee435b369f7becb829
Filetype:	Win32 Executable (generic) a (10002005/4) 98.04%

Windows Analysis Report
fdm_x64_setup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Domains

Windows Analysis Report fdm_x64_setup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Domains

Windows Analysis Report
fdm_x64_setup.exe